Just set up Cloudflare Access and it’s working very nicely but only for one access policy.
On Cloudflare I have SSL/TLS mode set to full, redirect to HTTPS enabled and HSTS on.
So, I have proxied A records for a.domain.com, a.a.domain.com, b.a.domain.com and c.a.domain.com all pointing at primary-ip.
I originally had the sub-sub domains as CNAME records pointing at a.domain.com with a wildcard but I’ve moved to explicitly defining the records, to remove any possible issues.
Now, I have Access policies for a.mydomain.com as well as the sub-sub domains.
At primary-ip I have Nginx Proxy Manager generating Let's Encrypt certs for the sub and sub-sub domains individually, enforcing SSL and redirecting the traffic to my internal devices.
To the crux of my issue. For some reason Cloudflare Access works perfectly on a.domain.com but on *.a.domain.com I don’t even get directed to the authentication page and Chrome gives me ERR_SSL_VERSION_OR_CIPHER_MISMATCH.
I’ve pinged the *.a.domain.com sub-sub-domains and they are being proxied… So I’m stumped as to what is wrong…
Are you using Cloudflare’s Universal SSL certificate, or a dedicated certificate? The Universal or $5 dedicated certs only cover *.domain.com, not *.sub.domain.com. So I would not expect
to work.
If you are redirecting to HTTPS, I believe the SSL error will occur before Access kicks in.
Which is fine, and you do need the certs on your server, but that doesn’t affect the certificate on Cloudflare’s proxies which will only cover *.domain.com unless you have a dedicated certificate.
DNS:
app.example.com => IP Grey Cloud
*.app.example.com => IP Grey
admin.app.example.com => IP Orange Cloud
I am then trying to configure Cloudflare Access on the admin URL. I have no ability to flatten this as the “admin” URL is hosted by something I don’t control. I tried setting SSL to off but that didn’t seem to work.
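Added example, not part of the original posts: the single-label wildcard rule behind the reply above, applied to the hostnames in this thread to show which ones a certificate for domain.com and *.domain.com covers. The SAN lists are constructed to mirror the coverage described in the reply, and the function names are hypothetical.

```python
# Added illustration: which proxied hostnames does an edge certificate cover?
# The SAN lists are constructed; they mirror the "*.domain.com only" coverage
# described in the reply, not a certificate pulled from a live zone.

def _labels(name):
    """Split a DNS name into lower-cased labels, ignoring a trailing dot."""
    return name.rstrip(".").lower().split(".")

def san_matches(hostname, san):
    """Return True if a single SAN entry covers hostname.

    A "*" is honoured only as the entire left-most label and stands for
    exactly one label, so *.domain.com covers a.domain.com but neither
    domain.com itself nor a.a.domain.com.
    """
    host, pattern = _labels(hostname), _labels(san)
    if len(host) != len(pattern):
        return False          # a wildcard never spans two labels
    if pattern[0] == "*":
        # Refuse wildcards directly under a TLD (e.g. "*.com").
        return len(pattern) > 2 and host[1:] == pattern[1:]
    return host == pattern

def uncovered(hostnames, sans):
    """Hostnames that no SAN entry covers; these fail the TLS handshake
    at the proxy before any Access policy is evaluated."""
    return [h for h in hostnames if not any(san_matches(h, s) for s in sans)]

# Constructed SAN list for a certificate covering the apex and one level down.
UNIVERSAL_SANS = ["domain.com", "*.domain.com"]
# The proxied records listed in the first post.
PROXIED = ["a.domain.com", "a.a.domain.com", "b.a.domain.com", "c.a.domain.com"]

if __name__ == "__main__":
    for name in uncovered(PROXIED, UNIVERSAL_SANS):
        print("not covered at the edge:", name)
```

Adding `*.a.domain.com` to the SAN list, which is what a certificate issued for that level would provide, makes `uncovered` return an empty list for the same records.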